Project

General

Profile

Actions

Bug #13913

closed

Logs full of WARN Attribute 'apiAuthorizationKind' or 'expirationTimestamp' is defined for API account but it will be ignored

Added by François ARMAND about 6 years ago. Updated over 2 years ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Very Small
Priority:
82
Name check:
Fix check:
Regression:

Description

I'm not sure if the problem lies in Rudder or in one of user-management/api-authorization plugins, but we get into a situation where any action in Rudder leads to new logs:

WARN  com.normation.rudder.repository.ldap.LDAPEntityMapper - Attribute 'apiAuthorizationKind' or 'expirationTimestamp' is defined for API account 'admin' [admin], it will be ignored because the account is of type 'user'.

LDAP entry looks like:

dn: apiAccountId=admin,ou=API Accounts,ou=Rudder,cn=rudder-configuration
apiAccountId: admin
objectClass: apiAccount
objectClass: top
cn: admin
creationTimestamp: 20181023124204.477Z
apiToken: xxxxxxxxxx
apiTokenCreationTimestamp: 20181023124204.477Z
description: API token for user 'admin'
isEnabled: TRUE
apiAccountKind: user
structuralObjectClass: apiAccount
entryUUID: ca12ae10-6b0c-1038-8970-7396c7013d6a
creatorsName: cn=manager,cn=rudder-configuration
createTimestamp: 20181023124204Z
apiAuthorizationKind: rw
entryCSN: 20181024141834.113179Z#000000#000#000000
modifiersName: cn=manager,cn=rudder-configuration
modifyTimestamp: 20181024141834Z
entryDN: apiAccountId=admin,ou=API Accounts,ou=Rudder,cn=rudder-configuration
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

So the problem is "apiAuthorizationKind". It may already be there in Rudder 4.3.

The severity is low, and in fact there's little reason for the log level to be "warn". It should be "debug".


Subtasks 1 (0 open1 closed)

Bug #14220: Log "Missing API authorizations level kind for token 'admin' with id 'admin'"ReleasedNicolas CHARLESActions

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #18052: Error displayed when switching from full access to read onlyReleasedElaad FURREEDANActions
Actions #1

Updated by François ARMAND about 6 years ago

  • Translation missing: en.field_tag_list set to Sponsored
  • Severity set to Minor - inconvenience | misleading | easy workaround
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 65
Actions #2

Updated by François ARMAND about 6 years ago

  • Effort required set to Very Small
  • Priority changed from 65 to 94

It should be really small, most likelly the warning for "apiAuthorizationKind" should not be there.

Actions #3

Updated by François ARMAND about 6 years ago

It may be related to #12958 but most likely not.

Actions #4

Updated by François ARMAND about 6 years ago

  • Assignee set to François ARMAND
Actions #5

Updated by Vincent MEMBRÉ almost 6 years ago

  • Target version changed from 4.3.8 to 4.3.9
  • Priority changed from 94 to 93
Actions #6

Updated by François ARMAND almost 6 years ago

OK, the problem seems to be that "apiAuthorizationKind" is added when it should not bootstrap check "CheckApiTokenAutorizationKind".

Actions #7

Updated by François ARMAND almost 6 years ago

  • Status changed from New to In progress
Actions #8

Updated by François ARMAND almost 6 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2111
Actions #9

Updated by François ARMAND almost 6 years ago

  • Status changed from Pending technical review to Pending release
Actions #10

Updated by Alexis Mousset almost 6 years ago

  • Status changed from Pending release to Released
  • Priority changed from 93 to 92
This bug has been fixed in Rudder 4.3.9 and 5.0.5 which were released today.
Changelog
Changelog
Actions #11

Updated by François ARMAND over 4 years ago

  • Related to Bug #18052: Error displayed when switching from full access to read only added
Actions #12

Updated by Alexis Mousset over 2 years ago

  • Priority changed from 92 to 82
Actions

Also available in: Atom PDF